aws-sdk-s3 1.75.0 → 1.83.1

data/lib/aws-sdk-s3/types.rb

@@ -61,6 +61,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -70,14 +71,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -100,13 +111,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest AWS API Documentation
     #
     class AbortMultipartUploadRequest < Struct.new(
       :bucket,
       :key,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -454,8 +472,8 @@ module Aws::S3
     end
 
     # The requested bucket name is not available. The bucket namespace is
-    # shared by all users of the system. Please select a different name and
-    # try again.
+    # shared by all users of the system. Select a different name and try
+    # again.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BucketAlreadyExists AWS API Documentation
     #
@@ -891,6 +909,29 @@ module Aws::S3
     #
     # @!attribute [rw] bucket
     #   The name of the bucket that contains the newly created object.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -969,6 +1010,7 @@ module Aws::S3
     #         },
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -999,6 +1041,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest AWS API Documentation
     #
     class CompleteMultipartUploadRequest < Struct.new(
@@ -1006,7 +1054,8 @@ module Aws::S3
       :key,
       :multipart_upload,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1214,7 +1263,7 @@ module Aws::S3
     #         metadata_directive: "COPY", # accepts COPY, REPLACE
     #         tagging_directive: "COPY", # accepts COPY, REPLACE
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -1229,14 +1278,41 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
     #   The canned ACL to apply to the object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] bucket
     #   The name of the destination bucket.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -1262,8 +1338,50 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and the key of the source object, separated
+    #     by a slash (/). For example, to copy the object
+    #     `reports/january.pdf` from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #     Alternatively, for objects accessed through Amazon S3 on Outposts,
+    #     specify the ARN of the object as accessed in the format
+    #     `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     outpost `my-outpost` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -1292,18 +1410,26 @@ module Aws::S3
     # @!attribute [rw] grant_full_control
     #   Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
     #   object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read
     #   Allows grantee to read the object data and its metadata.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read_acp
     #   Allows grantee to read the object ACL.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_write_acp
     #   Allows grantee to write the ACL for the applicable object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -1330,7 +1456,16 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] storage_class
-    #   The type of storage to use for the object. Defaults to 'STANDARD'.
+    #   By default, Amazon S3 uses the STANDARD Storage Class to store newly
+    #   created objects. The STANDARD storage class provides high durability
+    #   and high availability. Depending on performance needs, you can
+    #   specify a different Storage Class. Amazon S3 on Outposts only uses
+    #   the OUTPOSTS Storage Class. For more information, see [Storage
+    #   Classes][1] in the *Amazon S3 Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
     #   @return [String]
     #
     # @!attribute [rw] website_redirect_location
@@ -1350,7 +1485,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -1427,6 +1562,18 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest AWS API Documentation
     #
     class CopyObjectRequest < Struct.new(
@@ -1466,7 +1613,9 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -1517,7 +1666,7 @@ module Aws::S3
     #   data as a hash:
     #
     #       {
-    #         location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #         location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #       }
     #
     # @!attribute [rw] location_constraint
@@ -1555,7 +1704,7 @@ module Aws::S3
     #         acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #         bucket: "BucketName", # required
     #         create_bucket_configuration: {
-    #           location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #           location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #         },
     #         grant_full_control: "GrantFullControl",
     #         grant_read: "GrantRead",
@@ -1645,20 +1794,30 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -1744,7 +1903,7 @@ module Aws::S3
     #           "MetadataKey" => "MetadataValue",
     #         },
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -1756,14 +1915,40 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
     #   The canned ACL to apply to the object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] bucket
     #   The name of the bucket to which to initiate the upload
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -1795,18 +1980,26 @@ module Aws::S3
     # @!attribute [rw] grant_full_control
     #   Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
     #   object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read
     #   Allows grantee to read the object data and its metadata.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read_acp
     #   Allows grantee to read the object ACL.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_write_acp
     #   Allows grantee to write the ACL for the applicable object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -1823,7 +2016,16 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] storage_class
-    #   The type of storage to use for the object. Defaults to 'STANDARD'.
+    #   By default, Amazon S3 uses the STANDARD Storage Class to store newly
+    #   created objects. The STANDARD storage class provides high durability
+    #   and high availability. Depending on performance needs, you can
+    #   specify a different Storage Class. Amazon S3 on Outposts only uses
+    #   the OUTPOSTS Storage Class. For more information, see [Storage
+    #   Classes][1] in the *Amazon S3 Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
     #   @return [String]
     #
     # @!attribute [rw] website_redirect_location
@@ -1843,7 +2045,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -1903,6 +2105,12 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest AWS API Documentation
     #
     class CreateMultipartUploadRequest < Struct.new(
@@ -1932,7 +2140,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -2013,6 +2222,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2024,11 +2234,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2038,16 +2255,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket whose `cors` configuration is being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest AWS API Documentation
     #
     class DeleteBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2057,6 +2282,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2064,10 +2290,17 @@ module Aws::S3
     #   configuration to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
     #
     class DeleteBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2078,6 +2311,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2089,11 +2323,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest AWS API Documentation
     #
     class DeleteBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2103,16 +2344,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name of the lifecycle to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest AWS API Documentation
     #
     class DeleteBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2123,6 +2372,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2134,11 +2384,42 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteBucketOwnershipControlsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon S3 bucket whose `OwnershipControls` you want to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControlsRequest AWS API Documentation
+    #
+    class DeleteBucketOwnershipControlsRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2148,16 +2429,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest AWS API Documentation
     #
     class DeleteBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2167,16 +2456,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest AWS API Documentation
     #
     class DeleteBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2186,16 +2483,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest AWS API Documentation
     #
     class DeleteBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2205,16 +2510,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket that has the tag set to be removed.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest AWS API Documentation
     #
     class DeleteBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2224,6 +2537,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2231,10 +2545,17 @@ module Aws::S3
     #   configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest AWS API Documentation
     #
     class DeleteBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2353,6 +2674,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2362,14 +2684,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -2404,6 +2736,12 @@ module Aws::S3
     #   restrictions to process this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest AWS API Documentation
     #
     class DeleteObjectRequest < Struct.new(
@@ -2412,7 +2750,8 @@ module Aws::S3
       :mfa,
       :version_id,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2436,6 +2775,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2446,30 +2786,47 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
-    #   Name of the tag.
+    #   Name of the object key.
     #   @return [String]
     #
     # @!attribute [rw] version_id
     #   The versionId of the object that the tag-set will be removed from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest AWS API Documentation
     #
     class DeleteObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2516,6 +2873,7 @@ module Aws::S3
     #         mfa: "MFA",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2525,14 +2883,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] delete
@@ -2564,6 +2932,12 @@ module Aws::S3
     #   permissions to perform this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest AWS API Documentation
     #
     class DeleteObjectsRequest < Struct.new(
@@ -2571,7 +2945,8 @@ module Aws::S3
       :delete,
       :mfa,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2581,6 +2956,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2588,10 +2964,17 @@ module Aws::S3
     #   want to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlockRequest AWS API Documentation
     #
     class DeletePublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2641,7 +3024,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         account: "AccountId",
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         access_control_translation: {
     #           owner: "Destination", # required, accepts Destination
     #         },
@@ -3750,17 +4133,25 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which the accelerate configuration is
+    #   The name of the bucket for which the accelerate configuration is
     #   retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class GetBucketAccelerateConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3787,16 +4178,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the S3 bucket whose ACL is being requested.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest AWS API Documentation
     #
     class GetBucketAclRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3819,6 +4218,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3830,11 +4230,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class GetBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3857,16 +4264,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the cors configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest AWS API Documentation
     #
     class GetBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3888,6 +4303,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3895,10 +4311,17 @@ module Aws::S3
     #   configuration is retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
     #
     class GetBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3921,6 +4344,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3932,11 +4356,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest AWS API Documentation
     #
     class GetBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3958,16 +4389,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class GetBucketLifecycleConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3989,16 +4428,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest AWS API Documentation
     #
     class GetBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4027,16 +4474,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the location.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest AWS API Documentation
     #
     class GetBucketLocationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4065,16 +4520,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the logging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest AWS API Documentation
     #
     class GetBucketLoggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4097,6 +4560,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4108,11 +4572,18 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest AWS API Documentation
     #
     class GetBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4122,16 +4593,63 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which to get the notification configuration.
+    #   The name of the bucket for which to get the notification
+    #   configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest AWS API Documentation
     #
     class GetBucketNotificationConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] ownership_controls
+    #   The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter)
+    #   currently in effect for this Amazon S3 bucket.
+    #   @return [Types::OwnershipControls]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsOutput AWS API Documentation
+    #
+    class GetBucketOwnershipControlsOutput < Struct.new(
+      :ownership_controls)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketOwnershipControlsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose `OwnershipControls` you want
+    #   to retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsRequest AWS API Documentation
+    #
+    class GetBucketOwnershipControlsRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4153,16 +4671,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the bucket policy.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest AWS API Documentation
     #
     class GetBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4184,6 +4710,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4191,10 +4718,17 @@ module Aws::S3
     #   retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatusRequest AWS API Documentation
     #
     class GetBucketPolicyStatusRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4217,16 +4751,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the replication information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest AWS API Documentation
     #
     class GetBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4248,6 +4790,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4255,10 +4798,17 @@ module Aws::S3
     #   configuration
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest AWS API Documentation
     #
     class GetBucketRequestPaymentRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4280,16 +4830,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the tagging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest AWS API Documentation
     #
     class GetBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4319,16 +4877,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the versioning information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest AWS API Documentation
     #
     class GetBucketVersioningRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4369,16 +4935,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the website configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest AWS API Documentation
     #
     class GetBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4414,6 +4988,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4424,9 +4999,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -4454,13 +5029,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest AWS API Documentation
     #
     class GetObjectAclRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4485,6 +5067,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4495,9 +5078,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -4527,13 +5110,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHoldRequest AWS API Documentation
     #
     class GetObjectLegalHoldRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4555,16 +5145,37 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket whose Object Lock configuration you want to retrieve.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfigurationRequest AWS API Documentation
     #
     class GetObjectLockConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4788,6 +5399,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4797,14 +5409,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] if_match
@@ -4884,7 +5506,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -4912,6 +5534,12 @@ module Aws::S3
     #   object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
     #
     class GetObjectRequest < Struct.new(
@@ -4933,7 +5561,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -4958,6 +5587,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4968,9 +5598,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -5000,13 +5630,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetentionRequest AWS API Documentation
     #
     class GetObjectRetentionRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5036,6 +5673,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5046,14 +5684,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -5065,12 +5713,19 @@ module Aws::S3
     #   information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest AWS API Documentation
     #
     class GetObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5100,6 +5755,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5123,12 +5779,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest AWS API Documentation
     #
     class GetObjectTorrentRequest < Struct.new(
       :bucket,
       :key,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5151,6 +5814,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5158,10 +5822,17 @@ module Aws::S3
     #   configuration you want to retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlockRequest AWS API Documentation
     #
     class GetPublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5298,16 +5969,47 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest AWS API Documentation
     #
     class HeadBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5332,8 +6034,8 @@ module Aws::S3
     # @!attribute [rw] restore
     #   If the object is an archived object (an object whose storage class
     #   is GLACIER), the response includes this header if either the archive
-    #   restoration is in progress (see RestoreObject or an archive copy is
-    #   already restored.
+    #   restoration is in progress (see [RestoreObject][1] or an archive
+    #   copy is already restored.
     #
     #   If an archive copy is already restored, the header value indicates
     #   when Amazon S3 is scheduled to delete the object copy. For example:
@@ -5345,11 +6047,12 @@ module Aws::S3
     #   value `ongoing-request="true"`.
     #
     #   For more information about archiving objects, see [Transitioning
-    #   Objects: General Considerations][1].
+    #   Objects: General Considerations][2].
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
     #   @return [String]
     #
     # @!attribute [rw] last_modified
@@ -5583,10 +6286,34 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket containing the object.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] if_match
@@ -5616,12 +6343,16 @@ module Aws::S3
     # @!attribute [rw] range
     #   Downloads the specified range bytes of an object. For more
     #   information about the HTTP Range header, see
-    #   [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35]().
+    #   [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
     #
     #   <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
     #   `GET` request.
     #
     #    </note>
+    #
+    #
+    #
+    #   [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -5638,7 +6369,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -5666,6 +6397,12 @@ module Aws::S3
     #   and the number of parts in this object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
     #
     class HeadObjectRequest < Struct.new(
@@ -5681,7 +6418,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -6486,6 +7224,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6498,11 +7237,18 @@ module Aws::S3
     #   request should begin.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest AWS API Documentation
     #
     class ListBucketAnalyticsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6546,6 +7292,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6560,11 +7307,18 @@ module Aws::S3
     #   token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest AWS API Documentation
     #
     class ListBucketInventoryConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6610,6 +7364,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6624,11 +7379,18 @@ module Aws::S3
     #   continuation token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest AWS API Documentation
     #
     class ListBucketMetricsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6651,7 +7413,7 @@ module Aws::S3
     end
 
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #   @return [String]
     #
     # @!attribute [rw] key_marker
@@ -6751,23 +7513,34 @@ module Aws::S3
     #         max_uploads: 1,
     #         prefix: "Prefix",
     #         upload_id_marker: "UploadIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -6827,6 +7600,12 @@ module Aws::S3
     #   the specified `upload-id-marker`.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest AWS API Documentation
     #
     class ListMultipartUploadsRequest < Struct.new(
@@ -6836,7 +7615,8 @@ module Aws::S3
       :key_marker,
       :max_uploads,
       :prefix,
-      :upload_id_marker)
+      :upload_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6880,7 +7660,7 @@ module Aws::S3
     #   @return [Array<Types::DeleteMarkerEntry>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -6948,23 +7728,11 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         version_id_marker: "VersionIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name that contains the objects.
-    #
-    #   When using this API with an access point, you must direct requests
-    #   to the access point hostname. The access point hostname takes the
-    #   form
-    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
-    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7012,6 +7780,12 @@ module Aws::S3
     #   Specifies the object version you want to start listing from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest AWS API Documentation
     #
     class ListObjectVersionsRequest < Struct.new(
@@ -7021,7 +7795,8 @@ module Aws::S3
       :key_marker,
       :max_keys,
       :prefix,
-      :version_id_marker)
+      :version_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7042,7 +7817,7 @@ module Aws::S3
     #   in the subsequent request to get next set of objects. Amazon S3
     #   lists objects in alphabetical order Note: This element is returned
     #   only if you have delimiter request parameter specified. If response
-    #   does not include the NextMaker and it is truncated, you can use the
+    #   does not include the NextMarker and it is truncated, you can use the
     #   value of the last Key in the response as the marker in the
     #   subsequent request to get the next set of object keys.
     #   @return [String]
@@ -7052,7 +7827,7 @@ module Aws::S3
     #   @return [Array<Types::Object>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -7123,10 +7898,34 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket containing the objects.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7162,6 +7961,12 @@ module Aws::S3
     #   parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest AWS API Documentation
     #
     class ListObjectsRequest < Struct.new(
@@ -7171,7 +7976,8 @@ module Aws::S3
       :marker,
       :max_keys,
       :prefix,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7187,20 +7993,30 @@ module Aws::S3
     #   @return [Array<Types::Object>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -7308,6 +8124,7 @@ module Aws::S3
     #         fetch_owner: false,
     #         start_after: "StartAfter",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7317,14 +8134,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7370,6 +8197,12 @@ module Aws::S3
     #   this parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request AWS API Documentation
     #
     class ListObjectsV2Request < Struct.new(
@@ -7381,7 +8214,8 @@ module Aws::S3
       :continuation_token,
       :fetch_owner,
       :start_after,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7411,7 +8245,7 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -7505,23 +8339,34 @@ module Aws::S3
     #         part_number_marker: 1,
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the parts are being uploaded.
+    #   The name of the bucket to which the parts are being uploaded.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -7554,6 +8399,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest AWS API Documentation
     #
     class ListPartsRequest < Struct.new(
@@ -7562,7 +8413,8 @@ module Aws::S3
       :max_parts,
       :part_number_marker,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8140,8 +8992,25 @@ module Aws::S3
     #   @return [Time]
     #
     # @!attribute [rw] etag
-    #   The entity tag is an MD5 hash of the object. ETag reflects only
-    #   changes to the contents of an object, not its metadata.
+    #   The entity tag is a hash of the object. The ETag reflects changes
+    #   only to the contents of an object, not its metadata. The ETag may or
+    #   may not be an MD5 digest of the object data. Whether or not it is
+    #   depends on how the object was created and how it is encrypted as
+    #   described below:
+    #
+    #   * Objects created by the PUT Object, POST Object, or Copy operation,
+    #     or through the AWS Management Console, and are encrypted by SSE-S3
+    #     or plaintext, have ETags that are an MD5 digest of their object
+    #     data.
+    #
+    #   * Objects created by the PUT Object, POST Object, or Copy operation,
+    #     or through the AWS Management Console, and are encrypted by SSE-C
+    #     or SSE-KMS, have ETags that are not an MD5 digest of their object
+    #     data.
+    #
+    #   * If an object is created by either the Multipart Upload or Part
+    #     Copy operation, the ETag is not an MD5 digest, regardless of the
+    #     method of encryption.
     #   @return [String]
     #
     # @!attribute [rw] size
@@ -8408,7 +9277,7 @@ module Aws::S3
     #               value: "MetadataValue",
     #             },
     #           ],
-    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         },
     #       }
     #
@@ -8487,6 +9356,60 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The container element for a bucket's ownership controls.
+    #
+    # @note When making an API call, you may pass OwnershipControls
+    #   data as a hash:
+    #
+    #       {
+    #         rules: [ # required
+    #           {
+    #             object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] rules
+    #   The container element for an ownership control rule.
+    #   @return [Array<Types::OwnershipControlsRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControls AWS API Documentation
+    #
+    class OwnershipControls < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container element for an ownership control rule.
+    #
+    # @note When making an API call, you may pass OwnershipControlsRule
+    #   data as a hash:
+    #
+    #       {
+    #         object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
+    #       }
+    #
+    # @!attribute [rw] object_ownership
+    #   The container element for object ownership for a bucket's ownership
+    #   controls.
+    #
+    #   BucketOwnerPreferred - Objects uploaded to the bucket change
+    #   ownership to the bucket owner if the objects are uploaded with the
+    #   `bucket-owner-full-control` canned ACL.
+    #
+    #   ObjectWriter - The uploading account will own the object if the
+    #   object is uploaded with the `bucket-owner-full-control` canned ACL.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControlsRule AWS API Documentation
+    #
+    class OwnershipControlsRule < Struct.new(
+      :object_ownership)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Container for Parquet.
     #
     # @api private
@@ -8665,21 +9588,30 @@ module Aws::S3
     #         accelerate_configuration: { # required
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which the accelerate configuration is set.
+    #   The name of the bucket for which the accelerate configuration is
+    #   set.
     #   @return [String]
     #
     # @!attribute [rw] accelerate_configuration
     #   Container for setting the transfer acceleration state.
     #   @return [Types::AccelerateConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class PutBucketAccelerateConfigurationRequest < Struct.new(
       :bucket,
-      :accelerate_configuration)
+      :accelerate_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8714,6 +9646,7 @@ module Aws::S3
     #         grant_read_acp: "GrantReadACP",
     #         grant_write: "GrantWrite",
     #         grant_write_acp: "GrantWriteACP",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -8762,6 +9695,12 @@ module Aws::S3
     #   Allows grantee to write the ACL for the applicable bucket.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest AWS API Documentation
     #
     class PutBucketAclRequest < Struct.new(
@@ -8773,7 +9712,8 @@ module Aws::S3
       :grant_read,
       :grant_read_acp,
       :grant_write,
-      :grant_write_acp)
+      :grant_write_acp,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8816,6 +9756,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8831,12 +9772,19 @@ module Aws::S3
     #   The configuration and any analyses for the analytics filter.
     #   @return [Types::AnalyticsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class PutBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :analytics_configuration)
+      :analytics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8858,6 +9806,7 @@ module Aws::S3
     #           ],
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8886,12 +9835,19 @@ module Aws::S3
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest AWS API Documentation
     #
     class PutBucketCorsRequest < Struct.new(
       :bucket,
       :cors_configuration,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8912,6 +9868,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8937,12 +9894,19 @@ module Aws::S3
     #   Specifies the default server-side-encryption configuration.
     #   @return [Types::ServerSideEncryptionConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
     #
     class PutBucketEncryptionRequest < Struct.new(
       :bucket,
       :content_md5,
-      :server_side_encryption_configuration)
+      :server_side_encryption_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8980,6 +9944,7 @@ module Aws::S3
     #             frequency: "Daily", # required, accepts Daily, Weekly
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8995,12 +9960,19 @@ module Aws::S3
     #   Specifies the inventory configuration.
     #   @return [Types::InventoryConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest AWS API Documentation
     #
     class PutBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :inventory_configuration)
+      :inventory_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9059,6 +10031,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9069,11 +10042,18 @@ module Aws::S3
     #   Container for lifecycle rules. You can add as many as 1,000 rules.
     #   @return [Types::BucketLifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class PutBucketLifecycleConfigurationRequest < Struct.new(
       :bucket,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9113,6 +10093,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9124,12 +10105,19 @@ module Aws::S3
     # @!attribute [rw] lifecycle_configuration
     #   @return [Types::LifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest AWS API Documentation
     #
     class PutBucketLifecycleRequest < Struct.new(
       :bucket,
       :content_md5,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9158,6 +10146,7 @@ module Aws::S3
     #           },
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9172,12 +10161,19 @@ module Aws::S3
     #   The MD5 hash of the `PutBucketLogging` request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest AWS API Documentation
     #
     class PutBucketLoggingRequest < Struct.new(
       :bucket,
       :bucket_logging_status,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9207,6 +10203,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9221,12 +10218,19 @@ module Aws::S3
     #   Specifies the metrics configuration.
     #   @return [Types::MetricsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest AWS API Documentation
     #
     class PutBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :metrics_configuration)
+      :metrics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9289,6 +10293,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9301,11 +10306,18 @@ module Aws::S3
     #   the bucket.
     #   @return [Types::NotificationConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest AWS API Documentation
     #
     class PutBucketNotificationConfigurationRequest < Struct.new(
       :bucket,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9337,6 +10349,7 @@ module Aws::S3
     #             invocation_role: "CloudFunctionInvocationRole",
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9351,12 +10364,63 @@ module Aws::S3
     #   The container for the configuration.
     #   @return [Types::NotificationConfigurationDeprecated]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest AWS API Documentation
     #
     class PutBucketNotificationRequest < Struct.new(
       :bucket,
       :content_md5,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketOwnershipControlsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
+    #         ownership_controls: { # required
+    #           rules: [ # required
+    #             {
+    #               object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose `OwnershipControls` you want
+    #   to set.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The MD5 hash of the `OwnershipControls` request body.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   @return [String]
+    #
+    # @!attribute [rw] ownership_controls
+    #   The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter) that
+    #   you want to apply to this Amazon S3 bucket.
+    #   @return [Types::OwnershipControls]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControlsRequest AWS API Documentation
+    #
+    class PutBucketOwnershipControlsRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :expected_bucket_owner,
+      :ownership_controls)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9369,6 +10433,7 @@ module Aws::S3
     #         content_md5: "ContentMD5",
     #         confirm_remove_self_bucket_access: false,
     #         policy: "Policy", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9388,13 +10453,20 @@ module Aws::S3
     #   The bucket policy as a JSON document.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest AWS API Documentation
     #
     class PutBucketPolicyRequest < Struct.new(
       :bucket,
       :content_md5,
       :confirm_remove_self_bucket_access,
-      :policy)
+      :policy,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9440,7 +10512,7 @@ module Aws::S3
     #               destination: { # required
     #                 bucket: "BucketName", # required
     #                 account: "AccountId",
-    #                 storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #                 storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #                 access_control_translation: {
     #                   owner: "Destination", # required, accepts Destination
     #                 },
@@ -9467,6 +10539,7 @@ module Aws::S3
     #           ],
     #         },
     #         token: "ObjectLockToken",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9492,13 +10565,20 @@ module Aws::S3
     # @!attribute [rw] token
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest AWS API Documentation
     #
     class PutBucketReplicationRequest < Struct.new(
       :bucket,
       :content_md5,
       :replication_configuration,
-      :token)
+      :token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9512,6 +10592,7 @@ module Aws::S3
     #         request_payment_configuration: { # required
     #           payer: "Requester", # required, accepts Requester, BucketOwner
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9533,12 +10614,19 @@ module Aws::S3
     #   Container for Payer.
     #   @return [Types::RequestPaymentConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest AWS API Documentation
     #
     class PutBucketRequestPaymentRequest < Struct.new(
       :bucket,
       :content_md5,
-      :request_payment_configuration)
+      :request_payment_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9557,6 +10645,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9578,12 +10667,19 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements.
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest AWS API Documentation
     #
     class PutBucketTaggingRequest < Struct.new(
       :bucket,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9599,6 +10695,7 @@ module Aws::S3
     #           mfa_delete: "Enabled", # accepts Enabled, Disabled
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9626,13 +10723,20 @@ module Aws::S3
     #   Container for setting the versioning state.
     #   @return [Types::VersioningConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest AWS API Documentation
     #
     class PutBucketVersioningRequest < Struct.new(
       :bucket,
       :content_md5,
       :mfa,
-      :versioning_configuration)
+      :versioning_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9670,6 +10774,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9691,12 +10796,19 @@ module Aws::S3
     #   Container for the request.
     #   @return [Types::WebsiteConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest AWS API Documentation
     #
     class PutBucketWebsiteRequest < Struct.new(
       :bucket,
       :content_md5,
-      :website_configuration)
+      :website_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9747,6 +10859,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -9771,9 +10884,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -9795,14 +10908,20 @@ module Aws::S3
     # @!attribute [rw] grant_full_control
     #   Allows grantee the read, write, read ACP, and write ACP permissions
     #   on the bucket.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read
     #   Allows grantee to list the objects in the bucket.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read_acp
     #   Allows grantee to read the bucket ACL.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_write
@@ -9812,10 +10931,35 @@ module Aws::S3
     #
     # @!attribute [rw] grant_write_acp
     #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] key
     #   Key for which the PUT operation was initiated.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] request_payer
@@ -9834,6 +10978,12 @@ module Aws::S3
     #   VersionId used to reference a specific version of the object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest AWS API Documentation
     #
     class PutObjectAclRequest < Struct.new(
@@ -9848,7 +10998,8 @@ module Aws::S3
       :grant_write_acp,
       :key,
       :request_payer,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9878,6 +11029,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9888,9 +11040,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -9927,6 +11079,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHoldRequest AWS API Documentation
     #
     class PutObjectLegalHoldRequest < Struct.new(
@@ -9935,7 +11093,8 @@ module Aws::S3
       :legal_hold,
       :request_payer,
       :version_id,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9971,6 +11130,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         token: "ObjectLockToken",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10003,6 +11163,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfigurationRequest AWS API Documentation
     #
     class PutObjectLockConfigurationRequest < Struct.new(
@@ -10010,17 +11176,22 @@ module Aws::S3
       :object_lock_configuration,
       :request_payer,
       :token,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] expiration
     #   If the expiration is configured for the object (see
-    #   PutBucketLifecycleConfiguration), the response includes this header.
-    #   It includes the expiry-date and rule-id key-value pairs that provide
-    #   information about object expiration. The value of the rule-id is URL
-    #   encoded.
+    #   [PutBucketLifecycleConfiguration][1]), the response includes this
+    #   header. It includes the expiry-date and rule-id key-value pairs that
+    #   provide information about object expiration. The value of the
+    #   rule-id is URL encoded.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
     #   @return [String]
     #
     # @!attribute [rw] etag
@@ -10110,7 +11281,7 @@ module Aws::S3
     #           "MetadataKey" => "MetadataValue",
     #         },
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -10122,12 +11293,15 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
     #   The canned ACL to apply to the object. For more information, see
     #   [Canned ACL][1].
     #
+    #   This action is not supported by Amazon S3 on Outposts.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
@@ -10138,20 +11312,30 @@ module Aws::S3
     #   @return [IO]
     #
     # @!attribute [rw] bucket
-    #   Bucket name to which the PUT operation was initiated.
+    #   The bucket name to which the PUT operation was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -10238,18 +11422,26 @@ module Aws::S3
     # @!attribute [rw] grant_full_control
     #   Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
     #   object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read
     #   Allows grantee to read the object data and its metadata.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_read_acp
     #   Allows grantee to read the object ACL.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] grant_write_acp
     #   Allows grantee to write the ACL for the applicable object.
+    #
+    #   This action is not supported by Amazon S3 on Outposts.
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -10266,8 +11458,16 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] storage_class
-    #   If you don't specify, S3 Standard is the default storage class.
-    #   Amazon S3 supports other storage classes.
+    #   By default, Amazon S3 uses the STANDARD Storage Class to store newly
+    #   created objects. The STANDARD storage class provides high durability
+    #   and high availability. Depending on performance needs, you can
+    #   specify a different Storage Class. Amazon S3 on Outposts only uses
+    #   the OUTPOSTS Storage Class. For more information, see [Storage
+    #   Classes][1] in the *Amazon S3 Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
     #   @return [String]
     #
     # @!attribute [rw] website_redirect_location
@@ -10308,7 +11508,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -10372,6 +11572,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
     #
     class PutObjectRequest < Struct.new(
@@ -10404,7 +11610,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -10436,6 +11643,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         bypass_governance_retention: false,
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10446,9 +11654,9 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
@@ -10491,6 +11699,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetentionRequest AWS API Documentation
     #
     class PutObjectRetentionRequest < Struct.new(
@@ -10500,7 +11714,8 @@ module Aws::S3
       :request_payer,
       :version_id,
       :bypass_governance_retention,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10533,6 +11748,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10542,18 +11758,28 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
-    #   Name of the tag.
+    #   Name of the object key.
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -10568,6 +11794,12 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
     #
     class PutObjectTaggingRequest < Struct.new(
@@ -10575,7 +11807,8 @@ module Aws::S3
       :key,
       :version_id,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10592,6 +11825,7 @@ module Aws::S3
     #           block_public_policy: false,
     #           restrict_public_buckets: false,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10615,12 +11849,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     #   @return [Types::PublicAccessBlockConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlockRequest AWS API Documentation
     #
     class PutPublicAccessBlockRequest < Struct.new(
       :bucket,
       :content_md5,
-      :public_access_block_configuration)
+      :public_access_block_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10685,11 +11926,15 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # This data type is deprecated. Use QueueConfiguration for the same
+    # This data type is deprecated. Use [QueueConfiguration][1] for the same
     # purposes. This data type specifies the configuration for publishing
     # messages to an Amazon Simple Queue Service (Amazon SQS) queue when
     # Amazon S3 detects specified events.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
+    #
     # @note When making an API call, you may pass QueueConfigurationDeprecated
     #   data as a hash:
     #
@@ -10873,7 +12118,7 @@ module Aws::S3
     #             destination: { # required
     #               bucket: "BucketName", # required
     #               account: "AccountId",
-    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #               access_control_translation: {
     #                 owner: "Destination", # required, accepts Destination
     #               },
@@ -10964,7 +12209,7 @@ module Aws::S3
     #         destination: { # required
     #           bucket: "BucketName", # required
     #           account: "AccountId",
-    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #           access_control_translation: {
     #             owner: "Destination", # required, accepts Destination
     #           },
@@ -11389,11 +12634,12 @@ module Aws::S3
     #                   value: "MetadataValue",
     #                 },
     #               ],
-    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #             },
     #           },
     #         },
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -11403,14 +12649,24 @@ module Aws::S3
     #   to the access point hostname. The access point hostname takes the
     #   form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -11437,6 +12693,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest AWS API Documentation
     #
     class RestoreObjectRequest < Struct.new(
@@ -11444,7 +12706,8 @@ module Aws::S3
       :key,
       :version_id,
       :restore_request,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11531,7 +12794,7 @@ module Aws::S3
     #                 value: "MetadataValue",
     #               },
     #             ],
-    #             storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #             storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #           },
     #         },
     #       }
@@ -11580,7 +12843,14 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies the redirect behavior and when a redirect is applied.
+    # Specifies the redirect behavior and when a redirect is applied. For
+    # more information about routing rules, see [Configuring advanced
+    # conditional redirects][1] in the *Amazon Simple Storage Service
+    # Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects
     #
     # @note When making an API call, you may pass RoutingRule
     #   data as a hash:
@@ -11806,7 +13076,7 @@ module Aws::S3
     #             value: "MetadataValue",
     #           },
     #         ],
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #       }
     #
     # @!attribute [rw] bucket_name
@@ -12000,6 +13270,7 @@ module Aws::S3
     #           start: 1,
     #           end: 1,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -12081,6 +13352,12 @@ module Aws::S3
     #     within the last 50 bytes of the file.
     #   @return [Types::ScanRange]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContentRequest AWS API Documentation
     #
     class SelectObjectContentRequest < Struct.new(
@@ -12094,7 +13371,8 @@ module Aws::S3
       :request_progress,
       :input_serialization,
       :output_serialization,
-      :scan_range)
+      :scan_range,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -12453,7 +13731,7 @@ module Aws::S3
     #       }
     #
     # @!attribute [rw] key
-    #   Name of the tag.
+    #   Name of the object key.
     #   @return [String]
     #
     # @!attribute [rw] value
@@ -12516,7 +13794,7 @@ module Aws::S3
     #   @return [Types::Grantee]
     #
     # @!attribute [rw] permission
-    #   Logging permissions assigned to the Grantee for the bucket.
+    #   Logging permissions assigned to the grantee for the bucket.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TargetGrant AWS API Documentation
@@ -12597,7 +13875,11 @@ module Aws::S3
     # A container for specifying the configuration for publication of
     # messages to an Amazon Simple Notification Service (Amazon SNS) topic
     # when Amazon S3 detects specified events. This data type is deprecated.
-    # Use TopicConfiguration instead.
+    # Use [TopicConfiguration][1] instead.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html
     #
     # @note When making an API call, you may pass TopicConfigurationDeprecated
     #   data as a hash:
@@ -12756,15 +14038,82 @@ module Aws::S3
     #         copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #         copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and key of the source object, separated by a
+    #     slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #     Alternatively, for objects accessed through Amazon S3 on Outposts,
+    #     specify the ARN of the object as accessed in the format
+    #     `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     outpost `my-outpost` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -12818,8 +14167,8 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header. This
-    #   must be the same encryption key specified in the initiate multipart
+    #   `x-amz-server-side-encryption-customer-algorithm` header. This must
+    #   be the same encryption key specified in the initiate multipart
     #   upload request.
     #   @return [String]
     #
@@ -12858,6 +14207,18 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest AWS API Documentation
     #
     class UploadPartCopyRequest < Struct.new(
@@ -12877,7 +14238,9 @@ module Aws::S3
       :copy_source_sse_customer_algorithm,
       :copy_source_sse_customer_key,
       :copy_source_sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -12943,6 +14306,7 @@ module Aws::S3
     #         sse_customer_key: "SSECustomerKey",
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] body
@@ -12950,7 +14314,30 @@ module Aws::S3
     #   @return [IO]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation with an access point through the AWS SDKs,
+    #   you provide the access point ARN in place of the bucket name. For
+    #   more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
     #   @return [String]
     #
     # @!attribute [rw] content_length
@@ -12988,8 +14375,8 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm header`. This
-    #   must be the same encryption key specified in the initiate multipart
+    #   `x-amz-server-side-encryption-customer-algorithm header`. This must
+    #   be the same encryption key specified in the initiate multipart
     #   upload request.
     #   @return [String]
     #
@@ -13011,6 +14398,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest AWS API Documentation
     #
     class UploadPartRequest < Struct.new(
@@ -13024,7 +14417,8 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key,
       :sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end